<?
ob_start("ob_gzhandler");
require "include/bittorrent.php";
dbconn(false);
loggedinorreturn();

$action = $_GET["action"];

//-------- Returns the minimum read/write class levels of a forum

function get_forum_access_levels($forumid)
{
	$res = query("SELECT minclassread, minclasswrite, minclasscreate FROM forums WHERE id=$forumid") or sqlerr(__FILE__, __LINE__);

	if (mysql_num_rows($res) != 1)
		return false;

	$arr = mysql_fetch_assoc($res);

	return array("read" => $arr["minclassread"], "write" => $arr["minclasswrite"], "create" => $arr["minclasscreate"]);
}

//-------- Returns the forum ID of a topic, or false on error

function get_topic_forum($topicid)
{
	$res = query("SELECT forumid FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

	if (mysql_num_rows($res) != 1)
		return false;

	$arr = mysql_fetch_row($res);

	return $arr[0];
}

//-------- Updates the ID of the last post of a forum

function update_topic_last_post($topicid)
{
	$res = query("SELECT id FROM posts WHERE topicid=$topicid ORDER BY id DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);
	$arr = mysql_fetch_row($res) or die("No post found");
	$postid = $arr[0];

	query("UPDATE topics SET lastpost=$postid WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);
}

//-------- Inserts a quick jump menu

function insert_quick_jump_menu($currentforum = 0)
{
	print("<p align=center><form method=get action=? name=jump>\n");
	print("<input type=hidden name=action value=viewforum>\n");
	print("Quick jump: ");
	print("<select name=forumid onchange=\"if(this.options[this.selectedIndex].value != -1){ forms['jump'].submit() }\">\n");

	$res = query("SELECT * FROM forums ORDER BY name") or sqlerr(__FILE__, __LINE__);

	while ($arr = mysql_fetch_assoc($res))
	{
		if (get_user_class() >= $arr["minclassread"])
			print("<option value=" . $arr["id"] . ($currentforum == $arr["id"] ? " selected>" : ">") . $arr["name"] . "</option>\n");
	}

	print("</select>\n");
	print("<input type=submit value='Go!'>\n");
	print("</form>\n</p>");
}

//-------- Inserts a compose frame

function insert_compose_frame($id, $newtopic = true, $quote = false)
{
	global $maxsubjectlength, $CURUSER;
	//id is the forum id for a new topic or topic id otherwise

	if ($newtopic)
	{
		$res = query("SELECT name FROM forums WHERE id=$id") or sqlerr(__FILE__, __LINE__);
		$arr = mysql_fetch_assoc($res) or die("No forum with that id.");
		$forumname = $arr["name"];
		$forumid = $id;
		print("<p align=center>New topic in <a href=?action=viewforum&forumid=$id>$forumname</a> forum</p>\n");
	}
	else
	{
		$res = query("SELECT * FROM topics WHERE id=$id") or sqlerr(__FILE__, __LINE__);
		$arr = mysql_fetch_assoc($res) or error("No topic with that id.");
		$subject = $arr["subject"];
		$forumid = $arr["forumid"];
		print("<p align=center>Reply to topic: <a href=?action=viewtopic&topicid=$id>" . htmlspecialchars($subject) . "</a></p>");
	}

	begin_frame("Compose", true);
	print("<form method=post action=?action=post>\n");
	print("<input type=hidden name=" . ($newtopic ? "forumid" : "topicid") . " value=$id>\n");
	begin_table();

	if ($newtopic)
	{
		print("<tr><td class=rowhead>Subject</td>");
		print("<td align=left style='padding: 0px'>");
		print("<input type=text size=100 maxlength=$maxsubjectlength name=subject style='border: 0px; height: 19px'>");
		print("</td></tr>\n");
	}

	if ($quote)
	{
		$postid = $_GET["postid"];
		$res = query("SELECT posts.*, users.username FROM posts LEFT JOIN users ON posts.userid = users.id WHERE posts.id=$postid") or sqlerr(__FILE__, __LINE__);
		if (mysql_num_rows($res) != 1)
			error("No post with ID.");
		$arr = mysql_fetch_assoc($res);
	}

	print("<tr><td class=rowhead>Body</td>");
	print("<td align=left style='padding: 0px'>");
	print("<textarea name=body cols=100 rows=20 style='border: 0px'>");

	if ($quote)
	{
		print("[quote=" . ($arr["username"] ? $arr["username"] : "Deleted user") . "]");
		print(htmlspecialchars($arr["body"]));
		print("[/quote]");
	}

	print("</textarea></td></tr>\n");

	print("<tr><td colspan=2 align=center><input type=submit class=btn value='Submit'></td></tr>\n");
	end_table();
	print("</form>\n");
	print("<p align=center><a href=tags.php target=_blank>Tags</a> | <a href=smilies.php target=_blank>Smilies</a></p>\n");
	end_frame();

	//------ Get 10 last posts if this is a reply

	if (!$newtopic)
	{
		$postres = query("SELECT * FROM posts WHERE topicid=$id ORDER BY id DESC LIMIT 10") or sqlerr(__FILE__, __LINE__);

		begin_frame("10 last posts, in reverse order");

		while ($post = mysql_fetch_assoc($postres))
		{
			//-- Get poster details
			$userres = query("SELECT * FROM users WHERE id=" . $post["userid"] . " LIMIT 1") or sqlerr(__FILE__, __LINE__);
			$user = mysql_fetch_assoc($userres);
			$avatar = ($CURUSER["avatars"] == "yes" ? htmlspecialchars($user["avatar"]) : "");
			if (!$avatar)
				$avatar = "/pic/default_avatar.gif";

			print("<p class=sub>#" . $post["id"] . " by " . ($user["username"] ? $user["username"] : "[Deleted user]") . " at " . $post["added"] . " PST</p>");
			begin_table(true);
			print("<tr valign=top><td width=150 align=center style='padding: 0px'>" . ($avatar ? "<img width=150 src=$avatar alt='Avatar'>" : "").
			"</td><td class=comment>" . format_comment($post["body"]) . "</td></tr>\n");
			end_table();
		}

		end_frame();
	}

	print("<center>");
	insert_quick_jump_menu($forumid);
	print("</center>");
}

//-------- Global variables

$maxsubjectlength = 60;
$postsperpage = ($CURUSER["postsperpage"] ? $CURUSER["postsperpage"] : 25);

//-------- Action: New topic

if ($action == "newtopic")
{
	$forumid = $_GET["forumid"];

	if (!is_valid_id($forumid))
		error("Invalid forum ID.");

	$arr = get_forum_access_levels($forumid) or die("Bad forum ID");

	if (get_user_class() < $arr["create"])
		error("Permission denied.");

	stdhead("New topic");
	begin_main_frame();
	insert_compose_frame($forumid);
	end_main_frame();
	stdfoot();
	die;
}

//-------- Action: Quote

if ($action == "quotepost")
{
	$topicid = $_GET["topicid"];
	$postid = $_GET["postid"];

	if (!is_valid_id($topicid))
		error("Invalid topic ID.");

	if (!is_valid_id($postid))
		error("Invalid post ID.");

	$forumid = get_topic_forum($topicid) or die("Bad topic ID");

	$arr = get_forum_access_levels($forumid) or die("Bad forum ID");

	if (get_user_class() < $arr["read"] || get_user_class() < $arr["write"])
		error("Permission denied.");

	$res = query("SELECT forumid FROM posts LEFT JOIN topics ON posts.topicid = topics.id WHERE id=$postid") or sqlerr(__FILE__, __LINE__);
	$arr = mysql_fetch_assoc($res);
	$forumid = $arr["forumid"];

	$arr = get_forum_access_levels($forumid) or die("Bad forum ID");

	if (get_user_class() < $arr["read"])
		error("Permission denied.");

	stdhead("Post reply");
	begin_main_frame();
	insert_compose_frame($topicid, false, true);
	end_main_frame();
	stdfoot();
	die;
}

//-------- Action: Reply

if ($action == "reply")
{
	$topicid = $_GET["topicid"];

	if (!is_valid_id($topicid))
		error("Invalid topic ID.");

	$forumid = get_topic_forum($topicid) or die("Bad topic ID");

	$arr = get_forum_access_levels($forumid) or die("Bad forum ID");

	if (get_user_class() < $arr["read"] || get_user_class() < $arr["write"])
		error("Permission denied.");

	stdhead("Post reply");
	begin_main_frame();
	insert_compose_frame($topicid, false);
	end_main_frame();
	stdfoot();
	die;
}

//-------- Action: Post

if ($action == "post")
{
	$forumid = (int)$_POST["forumid"];
	$topicid = (int)$_POST["topicid"];

	if (!is_valid_id($forumid) || !is_valid_id($topicid))
		error("Bad forum or topic ID.");

	$newtopic = $forumid > 0;

	$subject = $_POST["subject"];

	if ($newtopic)
	{
		$subject = trim($subject);
		if (!$subject)
			error("You must enter a subject.");
		if (strlen($subject) > $maxsubjectlength)
			error("Subject is limited to $maxsubjectlength characters.");
	}
	else
		$forumid = get_topic_forum($topicid) or die("Bad topic ID");

	//------ Make sure sure user has write access in forum

	$arr = get_forum_access_levels($forumid) or die("No forum with that id.");

	if (get_user_class() < $arr["write"] || ($newtopic && get_user_class() < $arr["create"]))
		error("Permission denied.");

	$body = trim($_POST["body"]);

	if (!$body)
		error("No body text.");

	$userid = $CURUSER["id"];

	if ($newtopic)
	{
		//---- Create topic
		$subject = sqlesc($subject);
		query("INSERT INTO topics (userid, forumid, subject) VALUES($userid, $forumid, $subject)") or sqlerr(__FILE__, __LINE__);
		$topicid = mysql_insert_id() or error("No topic ID returned.");
	}
	else
	{
		//---- Make sure topic exists and is unlocked
		$res = query("SELECT * FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);
		$arr = mysql_fetch_assoc($res) or die("No topic with that id.");
		if ($arr["locked"] == 'yes' && get_user_class() < UC_MODERATOR)
			error("This topic is locked.");
		//---- Get forum ID
		$forumid = $arr["forumid"];
	}

	//------ Insert post

	$added = "'" . get_date_time() . "'";
	$body = sqlesc($body);
	query("INSERT INTO posts (topicid, userid, added, body) VALUES ($topicid, $userid, $added, $body)") or sqlerr(__FILE__, __LINE__);
	$postid = mysql_insert_id() or die("No post ID returned.");

	//------ Update topic last post

	update_topic_last_post($topicid);

	//------ All done, redirect user to the post

	$headerstr = "Location: $SITEURL/forums.php?action=viewtopic&topicid=$topicid&page=last";
	if ($newtopic)
		header($headerstr);
	else
		header("$headerstr#$postid");
	die;
}

//-------- Action: View topic

if ($action == "viewtopic")
{
	$topicid = $_GET["topicid"];
	$page = $_GET["page"];
	if (!is_valid_id($topicid))
		die;
	$userid = $CURUSER["id"];

	//------ Get topic info

	$res = query("SELECT * FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);
	$arr = mysql_fetch_assoc($res) or error("No topic with that id.");

	$locked = ($arr["locked"] == 'yes');
	$subject = $arr["subject"];
	$sticky = ($arr["sticky"] == 'yes');
	$forumid = $arr["forumid"];

	//------ Update hits column
	query("UPDATE topics SET views = views + 1 WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

	//------ Get forum

	$res = query("SELECT * FROM forums WHERE id=$forumid") or sqlerr(__FILE__, __LINE__);
	$arr = mysql_fetch_assoc($res) or die("Forum = NULL");
	$forum = $arr["name"];

	if (get_user_class() < $arr["minclassread"])
		error("Permission denied.");

	//------ Get post count

	$postcount = get_row_count("posts","WHERE topicid=$topicid");

	//------ Make page menu

	$pagemenu = "<p>\n";
	$perpage = $postsperpage;
	$pages = ceil($postcount / $perpage);

	if ($page[0] == "p")
	{
		$findpost = substr($page, 1);
		$res = query("SELECT id FROM posts WHERE topicid=$topicid ORDER BY added") or sqlerr(__FILE__, __LINE__);
		$i = 1;
		while ($arr = mysql_fetch_row($res))
		{
			if ($arr[0] == $findpost)
				break;
			++$i;
		}
		$page = ceil($i / $perpage);
	}

	if ($page == "last")
		$page = $pages;
	else
	{
		if($page < 1)
			$page = 1;
		elseif ($page > $pages)
			$page = $pages;
	}

	$offset = $page * $perpage - $perpage;

	for ($i = 1; $i <= $pages; ++$i)
	{
		if ($i == $page)
			$pagemenu .= "<font class=gray><b>$i</b></font>\n";
		else
			$pagemenu .= "<a href=?action=viewtopic&topicid=$topicid&page=$i><b>$i</b></a>\n";
	}

	if ($page == 1)
		$pagemenu .= "<br><font class=gray><b>&lt;&lt; Prev</b></font>";
	else
		$pagemenu .= "<br><a href=?action=viewtopic&topicid=$topicid&page=" . ($page - 1) . "><b>&lt;&lt; Prev</b></a>";

	$pagemenu .= "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";

	if ($page == $pages)
		$pagemenu .= "<font class=gray><b>Next &gt;&gt;</b></font></p>\n";
	else
		$pagemenu .= "<a href=?action=viewtopic&topicid=$topicid&page=" . ($page + 1) . "><b>Next &gt;&gt;</b></a></p>\n";

	//------ Get posts

	$res = query("SELECT * FROM posts WHERE topicid=$topicid ORDER BY id LIMIT $offset,$perpage") or sqlerr(__FILE__, __LINE__);

	stdhead("View topic - $subject");
	print("<a name=top><h1><a href=/forums.php>Forums</a> &gt; <a href=?action=viewforum&forumid=$forumid>$forum</a> &gt; $subject</h1>\n");
	print($pagemenu);

	//------ Print table

	begin_main_frame();
	begin_frame();

	$pc = mysql_num_rows($res);
	$pn = 0;

	$r = query("SELECT lastpostread FROM readposts WHERE userid=" . $CURUSER["id"] . " AND topicid=$topicid") or sqlerr(__FILE__, __LINE__);
	$a = mysql_fetch_row($r);
	$lpr = $a[0];

	if (!$lpr)
		query("INSERT INTO readposts (userid, topicid) VALUES($userid, $topicid)") or sqlerr(__FILE__, __LINE__);

	while ($arr = mysql_fetch_assoc($res))
	{
		++$pn;
		$postid = $arr["id"];
		$posterid = $arr["userid"];
		$added = $arr["added"] . " PST (" . (get_elapsed_time(sql_timestamp_to_unix_timestamp($arr["added"]))) . " ago)";

		//---- Get poster details

		$res2 = query("SELECT username,class,avatar,donor,title,enabled,warned,parked FROM users WHERE id=$posterid") or sqlerr(__FILE__, __LINE__);

		if (mysql_num_rows($res2) == 0)
		{
			$by = "<b>[Deleted user]</b>";
			$avatar = "";
		}
		else
		{
			$arr2 = mysql_fetch_assoc($res2);
			$postername = $arr2["username"];

			$avatar = ($CURUSER["avatars"] == "yes" ? htmlspecialchars($arr2["avatar"]) : "");
			$title = ($arr2["title"] ? $arr2["title"] : get_user_class_name($arr2["class"]));

			$by = "<a href=userdetails.php?id=$posterid><b>$postername</b></a>" . get_user_icons($arr2) . " ($title)";
		}

		if (!$avatar)
			$avatar = "/pic/default_avatar.gif";

		print("<a name=$postid>\n");

		if ($pn == $pc)
		{
			print("<a name=last>\n");
			if ($postid > $lpr)
				query("UPDATE readposts SET lastpostread=$postid WHERE userid=$userid AND topicid=$topicid") or sqlerr(__FILE__, __LINE__);
		}

		print("<p class=sub><table border=0 cellspacing=0 cellpadding=0><tr><td class=embedded width=99%>#$postid by $by at $added");

		if (!$locked || get_user_class() >= UC_MODERATOR)
			print(" - [<a href=?action=quotepost&topicid=$topicid&postid=$postid><b>Quote</b></a>]");

		if (($CURUSER["id"] == $posterid && !$locked) || get_user_class() >= UC_MODERATOR)
			print(" - [<a href=?action=editpost&postid=$postid><b>Edit</b></a>]");

		if (get_user_class() >= UC_MODERATOR)
			print(" - [<a href=?action=deletepost&postid=$postid><b>Delete</b></a>]");

		print("</td><td class=embedded width=1%><a href=#top><img src=/pic/top.gif border=0 alt='Top'></a></td></tr>");
		print("</table></p>\n");

		begin_table(true);

		$body = format_comment($arr["body"]);

		if (is_valid_id($arr['editedby']))
		{
			$res2 = query("SELECT username FROM users WHERE id=$arr[editedby]");
			if (mysql_num_rows($res2) == 1)
			{
				$arr2 = mysql_fetch_assoc($res2);
				$body .= "<p><font size=1 class=small>Last edited by <a href=userdetails.php?id=$arr[editedby]><b>$arr2[username]</b></a> at $arr[editedat] PST</font></p>\n";
			}
		}


		print("<tr valign=top><td width=150 align=center style='padding: 0px'>" . ($avatar ? "<img width=150 src=\"$avatar\" alt='Avatar'>" : ""). "</td><td class=comment>$body</td></tr>\n");

		end_table();
	}

	//------ Mod options

	if (get_user_class() >= UC_MODERATOR)
	{
		print("</td></tr><tr><td style='border-top: 0px'>\n");

		$res = query("SELECT id,name,minclasswrite FROM forums ORDER BY name") or sqlerr(__FILE__, __LINE__);
		print("<table border=0 cellspacing=0 cellpadding=0>\n");

		print("<form method=post action=?action=setsticky>\n");
		print("<input type=hidden name=topicid value=$topicid>\n");
		print("<input type=hidden name=returnto value=$SITEURL$_SERVER[REQUEST_URI]>\n");
		print("<tr><td class=embedded align=right>Sticky:</td>\n");
		print("<td class=embedded><input type=radio name=sticky value='yes' " . ($sticky ? " checked" : "") . "> Yes " . 
		"<input type=radio name=sticky value='no' " . (!$sticky ? " checked" : "") . "> No\n");
		print("<input type=submit value='Set'></td></tr>");
		print("</form>\n");

		print("<form method=post action=?action=setlocked>\n");
		print("<input type=hidden name=topicid value=$topicid>\n");
		print("<input type=hidden name=returnto value=$SITEURL$_SERVER[REQUEST_URI]>\n");
		print("<tr><td class=embedded align=right>Locked:</td>\n");
		print("<td class=embedded><input type=radio name=locked value='yes' " . ($locked ? " checked" : "") . "> Yes " . 
		"<input type=radio name=locked value='no' " . (!$locked ? " checked" : "") . "> No\n");
		print("<input type=submit value='Set'></td></tr>");
		print("</form>\n");

		print("<form method=post action=?action=renametopic>\n");
		print("<input type=hidden name=topicid value=$topicid>\n");
		print("<input type=hidden name=returnto value=$SITEURL$_SERVER[REQUEST_URI]>\n");
		print("<tr><td class=embedded align=right>Rename topic:</td><td class=embedded><input type=text name=subject " . 
		"size=60 maxlength=$maxsubjectlength value=\"" . htmlspecialchars($subject) . "\">\n");
		print("<input type=submit value='Okay'></td></tr>");
		print("</form>\n");

		print("<form method=post action=?action=movetopic&topicid=$topicid>\n");
		print("<tr><td class=embedded>Move this thread to:&nbsp;</td><td class=embedded><select name=forumid>");

		while ($arr = mysql_fetch_assoc($res))
			if ($arr["id"] != $forumid && get_user_class() >= $arr["minclasswrite"])
				print("<option value=" . $arr["id"] . ">" . $arr["name"] . "\n");

		print("</select> <input type=submit value='Okay'></form></td></tr>\n");
		print("<tr><td class=embedded>Delete topic</td><td class=embedded>\n");
		print("<form method=get action=/forums.php>\n");
		print("<input type=hidden name=action value=deletetopic>\n");
		print("<input type=hidden name=topicid value=$topicid>\n");
		print("<input type=hidden name=forumid value=$forumid>\n");
		print("<input type=checkbox name=sure value=1>I'm sure\n");
		print("<input type=submit value='Okay'>\n");
		print("</form>\n");
		print("</td></tr>\n");
		print("</table>\n");
	}

	end_frame();
	end_main_frame();
	print($pagemenu);

	if ($locked && get_user_class() < UC_MODERATOR)
		print("<p>This topic is locked; no new posts are allowed.</p>\n");

	else
	{
		$arr = get_forum_access_levels($forumid) or die;

		if (get_user_class() < $arr["write"])
			print("<p><i>You are not permitted to post in this forum.</i></p>\n");
		else
			$maypost = true;
	}

	//------ "View unread" / "Add reply" buttons

	print("<p><table class=main border=0 cellspacing=0 cellpadding=0><tr>\n");
	print("<td class=embedded><form method=get action=?>\n");
	print("<input type=hidden name=action value=viewunread>\n");
	print("<input type=submit value='View Unread' class=btn>\n");
	print("</form></td>\n");

	if ($maypost)
	{
		print("<td class=embedded style='padding-left: 10px'><form method=get action=?>\n");
		print("<input type=hidden name=action value=reply>\n");
		print("<input type=hidden name=topicid value=$topicid>\n");
		print("<input type=submit value='Add Reply' class=btn>\n");
		print("</form></td>\n");
	}
	print("</tr></table></p>\n");

	//------ Forum quick jump drop-down

	insert_quick_jump_menu($forumid);
	stdfoot();
	die;
}

//-------- Action: Move topic

if ($action == "movetopic")
{
	if (get_user_class() < UC_MODERATOR)
		error("Permission denied.");

	$forumid = $_POST["forumid"];
	$topicid = $_GET["topicid"];

	if (!is_valid_id($forumid))
		error("Invalid forum ID.");
	if (!is_valid_id($topicid))
		error("Invalid topic ID.");

	$arr = get_forum_access_levels($forumid) or die("Bad forum ID");
	if (get_user_class() < $arr["write"])
		error("Permission denied.");

	$res = query("SELECT subject,forumid FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

	if (mysql_num_rows($res) != 1)
		error("Topic not found.");

	$arr = mysql_fetch_assoc($res);

	if ($arr["forumid"] != $forumid)
		query("UPDATE topics SET forumid=$forumid WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

	// Redirect to forum page

	header("Location: $SITEURL/forums.php?action=viewforum&forumid=$forumid");
	die;
}

//-------- Action: Delete topic

if ($action == "deletetopic")
{
	if (get_user_class() < UC_MODERATOR)
		error("Permission denied.");

	$topicid = $_GET["topicid"];
	$forumid = $_GET["forumid"];
	$sure = $_GET["sure"];

	if (!is_valid_id($topicid))
		error("Invalid topic ID.");

	if (!$sure)
		alert("Delete topic", "Sanity check: You are about to delete a topic. Click <a href=?action=deletetopic&topicid=$topicid&sure=1>here</a> if you are sure.");

	query("DELETE FROM topics WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);
	query("DELETE FROM posts WHERE topicid=$topicid") or sqlerr(__FILE__, __LINE__);

	header("Location: $SITEURL/forums.php?action=viewforum&forumid=$forumid");
	die;
}

//-------- Action: Edit post

if ($action == "editpost")
{
	$postid = $_GET["postid"];

	if (!is_valid_id($postid))
		die;

	$res = query("SELECT * FROM posts WHERE id=$postid") or sqlerr(__FILE__, __LINE__);

	if (mysql_num_rows($res) != 1)
		error("No post with ID.");

	$arr = mysql_fetch_assoc($res);

	$res2 = query("SELECT locked FROM topics WHERE id = " . $arr["topicid"]) or sqlerr(__FILE__, __LINE__);
	$arr2 = mysql_fetch_assoc($res2);

	if (mysql_num_rows($res) != 1)
		error("No topic associated with post ID.");

	$locked = ($arr2["locked"] == 'yes');

	if (($CURUSER["id"] != $arr["userid"] || $locked) && get_user_class() < UC_MODERATOR)
		error("Denied!");

	if ($_SERVER['REQUEST_METHOD'] == 'POST')
	{
		$body = $_POST['body'];

		if ($body == "")
			error("Body cannot be empty!");

		$body = sqlesc($body);

		$editedat = sqlesc(get_date_time());

		query("UPDATE posts SET body=$body, editedat=$editedat, editedby=$CURUSER[id] WHERE id=$postid") or sqlerr(__FILE__, __LINE__);

		$returnto = $_POST["returnto"];

		if ($returnto != "")
		{
			$returnto .= "&page=p$postid#$postid";
			header("Location: $returnto");
		}
		else
			alert("Success", "Post was edited successfully.");
	}

	stdhead();

	print("<h1>Edit Post</h1>\n");

	print("<form method=post action=?action=editpost&postid=$postid>\n");
	print("<input type=hidden name=returnto value=\"" . htmlspecialchars($_SERVER["HTTP_REFERER"]) . "\">\n");

	print("<table border=1 cellspacing=0 cellpadding=5>\n");
	print("<tr><td style='padding: 0px'><textarea name=body cols=100 rows=20 style='border: 0px'>" . htmlspecialchars($arr["body"]) . "</textarea></td></tr>\n");
	print("<tr><td align=center><input type=submit value='Okay' class=btn></td></tr>\n");
	print("</table>\n");

	print("</form>\n");

	stdfoot();
	die;
}

//-------- Action: Delete post

if ($action == "deletepost")
{
	$postid = $_GET["postid"];

	$sure = $_GET["sure"];

	if (get_user_class() < UC_MODERATOR || !is_valid_id($postid))
		die;

	//------- Get topic id

	$res = query("SELECT topicid FROM posts WHERE id=$postid") or sqlerr(__FILE__, __LINE__);
	$arr = mysql_fetch_row($res) or error("Post not found");
	$topicid = $arr[0];

	//------- We can not delete the post if it is the only one of the topic

	$res = query("SELECT COUNT(*) FROM posts WHERE topicid=$topicid") or sqlerr(__FILE__, __LINE__);

	$arr = mysql_fetch_row($res);

	if ($arr[0] < 2)
	{
		$res2 = query("SELECT forumid FROM topics WHERE id=$topicid LIMIT 1");
		$arr2 = mysql_fetch_assoc($res2);
		$forumid = $arr2["forumid"];
		error("Can't delete post; it is the only post of the topic. You should\n" .
		"<a href=?action=deletetopic&topicid=$topicid&forumid=$forumid&sure=1>delete the topic</a> instead.\n");
	}

	//------- Get the id of the last post before the one we're deleting

	$res = query("SELECT id FROM posts WHERE topicid=$topicid AND id < $postid ORDER BY id DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);
	if (mysql_num_rows($res) == 0)
		$redirtopost = "";
	else
	{
		$arr = mysql_fetch_row($res);
		$redirtopost = "&page=p$arr[0]#$arr[0]";
	}

	//------- Make sure we know what we do :-)

	if (!$sure)
	{
		alert("Delete post", "Sanity check: You are about to delete a post. Click\n" .
		"<a href=?action=deletepost&postid=$postid&sure=1>here</a> if you are sure.");
	}

	//------- Delete post

	query("DELETE FROM posts WHERE id=$postid") or sqlerr(__FILE__, __LINE__);

	//------- Update topic

	update_topic_last_post($topicid);

	header("Location: $SITEURL/forums.php?action=viewtopic&topicid=$topicid$redirtopost");

	die;
}

//-------- Action: Lock topic

if ($action == "locktopic")
{
	$forumid = $_GET["forumid"];
	$topicid = $_GET["topicid"];
	$page = $_GET["page"];

	if (!is_valid_id($topicid) || get_user_class() < UC_MODERATOR)
		die;

	query("UPDATE topics SET locked='yes' WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

	header("Location: $SITEURL/forums.php?action=viewforum&forumid=$forumid&page=$page");

	die;
}

//-------- Action: Unlock topic

if ($action == "unlocktopic")
{
	$forumid = $_GET["forumid"];

	$topicid = $_GET["topicid"];

	$page = $_GET["page"];

	if (!is_valid_id($topicid) || get_user_class() < UC_MODERATOR)
		die;

	query("UPDATE topics SET locked='no' WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

	header("Location: $SITEURL/forums.php?action=viewforum&forumid=$forumid&page=$page");

	die;
}

//-------- Action: Set locked on/off

if ($action == "setlocked")
{
	$topicid = 0 + $_POST["topicid"];

	if (!$topicid || get_user_class() < UC_MODERATOR)
		die;

	$locked = sqlesc($_POST["locked"]);
	query("UPDATE topics SET locked=$locked WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

	header("Location: $_POST[returnto]");

	die;
}

//-------- Action: Set sticky on/off

if ($action == "setsticky")
{
	$topicid = 0 + $_POST["topicid"];

	if (!$topicid || get_user_class() < UC_MODERATOR)
		die;

	$sticky = sqlesc($_POST["sticky"]);
	query("UPDATE topics SET sticky=$sticky WHERE id=$topicid") or sqlerr(__FILE__, __LINE__);

	header("Location: $_POST[returnto]");

	die;
}

//-------- Action: Rename topic

if ($action == 'renametopic')
{
	if (get_user_class() < UC_MODERATOR)
		die;

	$topicid = $_POST['topicid'];

	if (!is_valid_id($topicid))
		die;

	$subject = $_POST['subject'];

	if ($subject == "")
		error("You must enter a new title!");

	$subject = sqlesc($subject);

	query("UPDATE topics SET subject=$subject WHERE id=$topicid") or sqlerr();

	$returnto = $_POST['returnto'];

	if ($returnto)
		header("Location: $returnto");

	die;
}

//-------- Action: View forum

if ($action == "viewforum")
{
	$forumid = $_GET["forumid"];

	if (!is_valid_id($forumid))
		die;

	$page = $_GET["page"];

	$userid = $CURUSER["id"];

	//------ Get forum name

	$res = query("SELECT name, minclassread FROM forums WHERE id=$forumid") or sqlerr(__FILE__, __LINE__);

	$arr = mysql_fetch_assoc($res) or die;

	$forumname = $arr["name"];

	if (get_user_class() < $arr["minclassread"])
		die("Not permitted");

	//------ Page links

	//------ Get topic count

	$perpage = $CURUSER["topicsperpage"];
	if (!$perpage)
		$perpage = 20;

	$res = query("SELECT COUNT(*) FROM topics WHERE forumid=$forumid") or sqlerr(__FILE__, __LINE__);

	$arr = mysql_fetch_row($res);

	$num = $arr[0];

	if ($page == 0)
		$page = 1;

	$first = ($page * $perpage) - $perpage + 1;

	$last = $first + $perpage - 1;

	if ($last > $num)
		$last = $num;

	$pages = floor($num / $perpage);

	if ($perpage * $pages < $num)
		++$pages;

	//------ Build menu

	$menu = "<p align=center><b>\n";

	$lastspace = false;

	for ($i = 1; $i <= $pages; ++$i)
	{
		if ($i == $page)
			$menu .= "<font class=gray>$i</font>\n";
		elseif ($i > 3 && ($i < $pages - 2) && ($page - $i > 3 || $i - $page > 3))
		{
			if ($lastspace)
				continue;

			$menu .= "... \n";

			$lastspace = true;
		}
		else
		{
			$menu .= "<a href=?action=viewforum&forumid=$forumid&page=$i>$i</a>\n";

			$lastspace = false;
		}

		if ($i < $pages)
			$menu .= "</b>|<b>\n";
	}

	$menu .= "<br>\n";

	if ($page == 1)
		$menu .= "<font class=gray>&lt;&lt; Prev</font>";
	else
		$menu .= "<a href=?action=viewforum&forumid=$forumid&page=" . ($page - 1) . ">&lt;&lt; Prev</a>";

	$menu .= "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";

	if ($last == $num)
		$menu .= "<font class=gray>Next &gt;&gt;</font>";
	else
		$menu .= "<a href=?action=viewforum&forumid=$forumid&page=" . ($page + 1) . ">Next &gt;&gt;</a>";

	$menu .= "</b></p>\n";

	$offset = $first - 1;

	//------ Get topics data

	$topicsres = query("SELECT * FROM topics WHERE forumid=$forumid ORDER BY sticky, lastpost DESC LIMIT $offset,$perpage") or alert("SQL Error", mysql_error());

	stdhead("Forum");

	$numtopics = mysql_num_rows($topicsres);

	print("<h1><a href=/forums.php>Forums</a> &gt; $forumname</h1>\n");

	if ($numtopics > 0)
	{
		print($menu);

		print("<table border=1 cellspacing=0 cellpadding=5>");

		print("<tr><td class=colhead align=left>Topic</td><td class=colhead>Replies</td><td class=colhead>Views</td>\n" .
		"<td class=colhead align=left>Author</td><td class=colhead align=left>Last&nbsp;post</td>\n");

		print("</tr>\n");

		while ($topicarr = mysql_fetch_assoc($topicsres))
		{
			$topicid = $topicarr["id"];

			$topic_userid = $topicarr["userid"];

			$topic_views = $topicarr["views"];

			$views = number_format($topic_views);

			$locked = $topicarr["locked"] == "yes";

			$sticky = $topicarr["sticky"] == "yes";

			//---- Get reply count

			$res = query("SELECT COUNT(*) FROM posts WHERE topicid=$topicid") or sqlerr(__FILE__, __LINE__);

			$arr = mysql_fetch_row($res);

			$posts = $arr[0];

			$replies = max(0, $posts - 1);

			$tpages = floor($posts / $postsperpage);

			if ($tpages * $postsperpage != $posts)
				++$tpages;

			if ($tpages > 1)
			{
				$topicpages = " (<img src=/pic/multipage.gif>";

				for ($i = 1; $i <= $tpages; ++$i)
					$topicpages .= " <a href=?action=viewtopic&topicid=$topicid&page=$i>$i</a>";

				$topicpages .= ")";
			}
			else
				$topicpages = "";

			//---- Get userID and date of last post

			$res = query("SELECT * FROM posts WHERE topicid=$topicid ORDER BY id DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);

			$arr = mysql_fetch_assoc($res);

			$lppostid = 0 + $arr["id"];

			$lpuserid = 0 + $arr["userid"];

			$lpadded = "<nobr>" . $arr["added"] . "</nobr>";

			//------ Get name of last poster

			$res = query("SELECT * FROM users WHERE id=$lpuserid") or sqlerr(__FILE__, __LINE__);

			if (mysql_num_rows($res) == 1)
			{
				$arr = mysql_fetch_assoc($res);

				$lpusername = "<a href=userdetails.php?id=$lpuserid><b>$arr[username]</b></a>";
			}
			else
				$lpusername = "<b>[Deleted user]</b>";

			//------ Get author

			$res = query("SELECT username FROM users WHERE id=$topic_userid") or sqlerr(__FILE__, __LINE__);

			if (mysql_num_rows($res) == 1)
			{
				$arr = mysql_fetch_assoc($res);

				$lpauthor = "<a href=userdetails.php?id=$topic_userid><b>$arr[username]</b></a>";
			}
			else
				$lpauthor = "<b>[Deleted user]</b>";

			//---- Print row

			$r = query("SELECT lastpostread FROM readposts WHERE userid=$userid AND topicid=$topicid") or sqlerr(__FILE__, __LINE__);

			$a = mysql_fetch_row($r);

			$new = !$a || $lppostid > $a[0];

			$topicpic = ($locked ? ($new ? "lockednew" : "locked") : ($new ? "unlockednew" : "unlocked"));

			$subject = ($sticky ? "Sticky: " : "") . "<a href=?action=viewtopic&topicid=$topicid><b>" .
			htmlspecialchars($topicarr["subject"]) . "</b></a>$topicpages";

			print("<tr><td align=left><table border=0 cellspacing=0 cellpadding=0><tr>" .
			"<td class=embedded style='padding-right: 5px'><img src=/pic/$topicpic.gif>" .
			"</td><td class=embedded align=left>\n" .
			"$subject</td></tr></table></td><td align=right>$replies</td>\n" .
			"<td align=right>$views</td><td align=left>$lpauthor</td>\n" .
			"<td align=left>$lpadded<br>by&nbsp;$lpusername</td>\n");

			print("</tr>\n");
		} // while

		print("</table>\n");

		print($menu);

	} // if
	else
		print("<p align=center>No topics found</p>\n");

	print("<p><table class=main border=0 cellspacing=0 cellpadding=0><tr valing=center>\n");

	print("<td class=embedded><img src=/pic/unlockednew.gif style='margin-right: 5px'></td><td class=embedded>New posts</td>\n");

	print("<td class=embedded><img src=/pic/locked.gif style='margin-left: 10px; margin-right: 5px'>" .
	"</td><td class=embedded>Locked topic</td>\n");

	print("</tr></table></p>\n");

	$arr = get_forum_access_levels($forumid) or die;

	$maypost = get_user_class() >= $arr["write"] && get_user_class() >= $arr["create"];

	if (!$maypost)
		print("<p><i>You are not permitted to start new topics in this forum.</i></p>\n");

	print("<p><table border=0 class=main cellspacing=0 cellpadding=0><tr>\n");

	print("<td class=embedded><form method=get action=?><input type=hidden " .
	"name=action value=viewunread><input type=submit value='View unread' class=btn></form></td>\n");

	if ($maypost)
		print("<td class=embedded><form method=get action=?><input type=hidden " .
		"name=action value=newtopic><input type=hidden name=forumid " .
		"value=$forumid><input type=submit value='New topic' class=btn style='margin-left: 10px'></form></td>\n");

	print("</tr></table></p>\n");

	insert_quick_jump_menu($forumid);

	stdfoot();

	die;
}

//-------- Action: View unread posts

if ($action == "viewunread")
{
	$maxresults = 25;

	$res = query("SELECT topics.id, topics.forumid, topics.subject, topics.lastpost, forums.name, forums.minclassread FROM topics " . 
	"LEFT JOIN readposts ON topics.id=readposts.topicid AND readposts.userid=$CURUSER[id] LEFT JOIN forums on topics.forumid=forums.id " . 
	"WHERE (lastpost > lastpostread OR lastpostread IS NULL) AND $CURUSER[class] >= minclassread ORDER BY lastpost DESC LIMIT " . 
	($maxresults + 1) . "") or sqlerr(__FILE__, __LINE__);

	stdhead("Unread posts");
	print("<h1><a href=/forums.php>Forums</a> &gt; Topics with unread posts</h1>\n");

	$n = 0;

	if (mysql_num_rows($res) > 0)
	{
		print("<table border=1 cellspacing=0 cellpadding=5>\n");
		print("<tr><td class=colhead align=left>Topic</td><td class=colhead align=left>Forum</td></tr>\n");
	
		while ($arr = mysql_fetch_assoc($res))
		{
			++$n;
			if ($n > $maxresults)
				break;
	
			$topicid = $arr['id'];
			$forumid = $arr['forumid'];
			$forumname = $arr['name'];
	
			print("<tr><td align=left><table border=0 cellspacing=0 cellpadding=0><tr><td class=embedded>" .
			"<img src=/pic/unlockednew.gif style='margin-right: 5px'></td><td class=embedded>" .
			"<a href=?action=viewtopic&topicid=$topicid&page=last#last><b>" . htmlspecialchars($arr["subject"]) .
			"</b></a></td></tr></table></td><td align=left><a href=?action=viewforum&amp;forumid=$forumid><b>$forumname</b></a></td></tr>\n");
		}
	
		print("</table>\n");
		if ($n > $maxresults)
			print("<p>More than $maxresults items found, displaying first $maxresults.</p>\n");
		print("<p><a href=?action=catchup><b>Catch up</b></a></p>\n");
	}
	else
		print("<b>Nothing found</b>");
	
	stdfoot();
	die;
}

//-------- Action: View newest posts

if ($action == "viewnewest")
{
	$maxresults = 25;

	$res = query("SELECT topics.id, topics.forumid, topics.subject, topics.lastpost, forums.name, forums.minclassread, readposts.lastpostread FROM topics " . 
	"LEFT JOIN readposts ON topics.id=readposts.topicid AND readposts.userid=$CURUSER[id] LEFT JOIN forums on topics.forumid=forums.id " . 
	"WHERE $CURUSER[class] >= minclassread ORDER BY lastpost DESC LIMIT $maxresults") or sqlerr(__FILE__, __LINE__);

	stdhead("Newest posts");
	print("<h1><a href=/forums.php>Forums</a> &gt; Topics with newest posts</h1>\n");

	if (mysql_num_rows($res) > 0)
	{
		print("<table border=1 cellspacing=0 cellpadding=5>\n");
		print("<tr><td class=colhead align=left>Topic</td><td class=colhead align=left>Forum</td></tr>\n");
	
		while ($arr = mysql_fetch_assoc($res))
		{
			$img = "unlocked";
			if ($arr["lastpost"] > $arr["lastpostread"] || $arr["lastpostread"] == NULL)
				$img = "unlockednew";
			$topicid = $arr['id'];
			$forumid = $arr['forumid'];
			$forumname = $arr['name'];
	
			print("<tr><td align=left><table border=0 cellspacing=0 cellpadding=0><tr><td class=embedded>" .
			"<img src=/pic/$img.gif style='margin-right: 5px'></td><td class=embedded>" .
			"<a href=?action=viewtopic&topicid=$topicid&page=last#last><b>" . htmlspecialchars($arr["subject"]) .
			"</b></a></td></tr></table></td><td align=left><a href=?action=viewforum&amp;forumid=$forumid><b>$forumname</b></a></td></tr>\n");
		}
	
		print("</table>\n");
		print("<p><a href=?action=catchup><b>Catch up</b></a></p>\n");
	}
	else
		print("<b>Nothing found</b>");
	
	stdfoot();
	die;
}

if ($action == "catchup")
{
	$res = query("SELECT topics.id AS topicid, lastpost, lastpostread FROM topics LEFT JOIN readposts ON topics.id=readposts.topicid AND readposts.userid=$CURUSER[id] " . 
	"LEFT JOIN forums on topics.forumid=forums.id WHERE (lastpost > lastpostread OR lastpostread IS NULL) AND $CURUSER[class] >= minclassread") or sqlerr(__FILE__, __LINE__);

	while ($arr = mysql_fetch_assoc($res))
	{
		$topicid = $arr["topicid"];
		$lastpost = $arr["lastpost"];

		if ($arr["lastpostread"] == NULL)
			query("INSERT INTO readposts (userid, topicid, lastpostread) VALUES($CURUSER[id], $topicid, $lastpost)") or sqlerr(__FILE__, __LINE__);
		else
			query("UPDATE readposts SET lastpostread=$lastpost WHERE userid=$CURUSER[id] AND topicid=$topicid") or sqlerr(__FILE__, __LINE__);
	}
	header("Location: $SITEURL/forums.php");
	die;
}

if ($action == "search")
{
	stdhead("Forum Search");
	print("<h1><a href=/forums.php>Forums</a> &gt; Forum Search</h1>\n");
	$keywords = trim($_GET["keywords"]);
	if ($keywords != "")
	{
		$perpage = 50;
		$page = max(1, 0 + $_GET["page"]);
		$ekeywords = sqlesc($keywords);
		print("<p><b>Searched for \"" . htmlspecialchars($keywords) . "\"</b></p>\n");
		$res = query("SELECT COUNT(*) FROM posts WHERE MATCH (body) AGAINST ($ekeywords)") or sqlerr(__FILE__, __LINE__);
		$arr = mysql_fetch_row($res);
		$hits = 0 + $arr[0];
		if ($hits == 0)
			print("<p><b>Sorry, nothing found!</b></p>");
		else
		{
			$pages = 0 + ceil($hits / $perpage);
			if ($page > $pages) 
				$page = $pages;
			for ($i = 1; $i <= $pages; ++$i)
				if ($page == $i)
					$pagemenu1 .= "<font class=gray><b>$i</b></font>\n";
				else
					$pagemenu1 .= "<a href=\"/forums.php?action=search&amp;keywords=" . htmlspecialchars($keywords) . "&amp;page=$i\"><b>$i</b></a>\n";
			if ($page == 1)
				$pagemenu2 = "<font class=gray><b>&lt;&lt; Prev</b></font>\n";
			else
				$pagemenu2 = "<a href=\"/forums.php?action=search&amp;keywords=" . htmlspecialchars($keywords) . "&amp;page=" . ($page - 1) . "\"><b>&lt;&lt; Prev</b></a>\n";
			$pagemenu2 .= "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;\n";
			if ($page == $pages)
				$pagemenu2 .= "<font class=gray><b>Next &gt;&gt;</b></font>\n";
			else
				$pagemenu2 .= "<a href=\"/forums.php?action=search&amp;keywords=" . htmlspecialchars($keywords) . "&amp;page=" . ($page + 1) . "\"><b>Next &gt;&gt;</b></a>\n";
			$offset = ($page * $perpage) - $perpage;
			$res = query("SELECT id, topicid,userid,added FROM posts WHERE MATCH (body) AGAINST ($ekeywords) ORDER BY id DESC LIMIT $offset,$perpage") or sqlerr(__FILE__, __LINE__);
			$num = mysql_num_rows($res);
			print("<p>$pagemenu1<br>$pagemenu2</p>");
			print("<table border=1 cellspacing=0 cellpadding=5>\n");
			print("<tr><td class=colhead>Post</td><td class=colhead align=left>Topic</td><td class=colhead align=left>Forum</td><td class=colhead align=left>Posted by</td></tr>\n");
			for ($i = 0; $i < $num; ++$i)
			{
				$post = mysql_fetch_assoc($res);
				$res2 = query("SELECT forumid, subject FROM topics WHERE id=$post[topicid]") or sqlerr(__FILE__, __LINE__);
				$topic = mysql_fetch_assoc($res2);
				$res2 = query("SELECT name,minclassread FROM forums WHERE id=$topic[forumid]") or sqlerr(__FILE__, __LINE__);
				$forum = mysql_fetch_assoc($res2);
				if ($forum["name"] == "" || $forum["minclassread"] > $CURUSER["class"])
				{
					--$hits;
					continue;
				}
				$res2 = query("SELECT username FROM users WHERE id=$post[userid]") or sqlerr(__FILE__, __LINE__);
				$user = mysql_fetch_assoc($res2);
				if ($user["username"] == "")
					$user["username"] = "[$post[userid]]";
				print("<tr><td>$post[id]</td><td align=left><a href=?action=viewtopic&amp;topicid=$post[topicid]&amp;page=p$post[id]#$post[id]><b>" . 										htmlspecialchars($topic["subject"]) . "</b></a></td><td align=left><a href=?action=viewforum&amp;forumid=$topic[forumid]><b>" . 
				htmlspecialchars($forum["name"]) . "</b></a><td align=left><a href=userdetails.php?id=$post[userid]><b>$user[username]</b></a><br>at $post[added]</tr>\n");
			}
			print("</table>\n");
			print("<p>$pagemenu2<br>$pagemenu1</p>");
			print("<p>Found $hits post" . ($hits != 1 ? "s" : "") . ".</p>");
			print("<p><b>Search again</b></p>\n");
		}
	}
	print("<form method=get action=/forums.php?>\n");
	print("<input type=hidden name=action value=search>\n");
	print("<table border=1 cellspacing=0 cellpadding=5>\n");
	print("<tr><td class=rowhead>Key words</td><td align=left><input type=text size=55 name=keywords value=\"" . htmlspecialchars($keywords) .
	"\"><br>\n" .
	"<font class=small size=-1>Enter one or more words to search for.<br>Very common words and words with less than 3 characters are ignored.</font></td></tr>\n");
	print("<tr><td align=center colspan=2><input type=submit value='Search' class=btn></td></tr>\n");
	print("</table>\n</form>\n");
	stdfoot();
	die;
}

//-------- Handle unknown action

if ($action != "")
	error("Unknown forum action.");

//-------- Default action: View forums

$forums_res = query("SELECT id, name, description, minclassread, topiccount, postcount FROM forums ORDER BY name") or sqlerr(__FILE__, __LINE__);

stdhead("Forums");

print("<h1>Forums</h1>\n");
print("<table border=1 cellspacing=0 cellpadding=5>\n");
print("<tr><td class=colhead align=left>Forum</td><td class=colhead align=right>Topics</td><td class=colhead align=right>Posts</td><td class=colhead align=left>Last post</td></tr>\n");

while ($forums_arr = mysql_fetch_assoc($forums_res))
{
	if (get_user_class() < $forums_arr["minclassread"])
		continue;

	$forumid = $forums_arr["id"];
	$forumname = htmlspecialchars($forums_arr["name"]);
	$forumdescription = htmlspecialchars($forums_arr["description"]);
	$topiccount = number_format($forums_arr["topiccount"]);
	$postcount = number_format($forums_arr["postcount"]);

	// Find last post
	$post_res = query("SELECT topics.lastpost, topics.subject, topics.id, posts.added, posts.userid, users.username FROM topics LEFT JOIN posts ON posts.id=topics.lastpost " . 
	"LEFT JOIN users ON posts.userid=users.id WHERE forumid=$forumid ORDER BY lastpost DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);

	if (mysql_num_rows($post_res) == 1)
	{
		$post_arr = mysql_fetch_assoc($post_res) or die("Bad forum last_post");

		$lastposterid = $post_arr["userid"];
		$lastpostdate = $post_arr["added"];
		$lasttopicid = $post_arr["id"];
		$lastposter = $post_arr["username"];
		$lasttopic = htmlspecialchars($post_arr["subject"]);
		$lastpostid = $post_arr["lastpost"];

		$lastpost = "<nobr>$lastpostdate<br>" .
		"by <a href=userdetails.php?id=$lastposterid><b>$lastposter</b></a><br>" .
		"in <a href=?action=viewtopic&topicid=$lasttopicid&amp;page=p$lastpostid#$lastpostid><b>$lasttopic</b></a></nobr>";

		$img = "unlocked";

		$res = query("SELECT COUNT(*) FROM topics LEFT JOIN readposts ON topics.id=readposts.topicid AND readposts.userid=$CURUSER[id] " . 
		"WHERE forumid = $forumid AND (lastpost > lastpostread OR lastpostread IS NULL)");
		$arr = mysql_fetch_row($res);
		if ($arr[0])
			$img = "unlockednew";
	}
	else
	{
		$lastpost = "N/A";
		$img = "unlocked";
	}

	print("<tr><td align=left><table border=0 cellspacing=0 cellpadding=0><tr><td class=embedded style='padding-right: 5px'><img src=".
	"/pic/$img.gif></td><td class=embedded><a href=?action=viewforum&forumid=$forumid><b>$forumname</b></a><br>\n" .
	"$forumdescription</td></tr></table></td><td align=right>$topiccount</td><td align=right>$postcount</td>" .
	"<td align=left>$lastpost</td></tr>\n");
}

print("</table>\n");
print("<p align=center><a href=?action=search><b>Search</b></a> | <a href=?action=viewunread><b>View unread</b></a> | ");
print("<a href=?action=viewnewest><b>View newest</b></a> | <a href=?action=catchup><b>Catch up</b></a></p>");

stdfoot();
?>